The system that was hacked is used by insurance
agents and brokers to directly enroll customers. All other sign-up
systems are working.

CMS spokesman Johnathan Monroe said "nothing
happened" to the HealthCare.gov website used by the general
public. "This concerns the agent and broker portal, which is
not accessible to the
general public," he said. [Oh. And a few hackers… Bob]

For my Computer Security students. (The Ethical
Hacking students get a much longer list of sites.)

… Now, with his Twitter accounts shuttered,
Jones had no way to communicate with the hundreds of thousands of
followers.

Except those accounts weren’t shuttered.

In fact, two months after Jones and InfoWars were
supposedly shunned, a number of accounts remain live and tweeting.

… All three Twitter accounts are listed
on the InfoWars site as official InfoWars social media, meaning they
wouldn’t be hard for Twitter to find. But the InfoWars
social media page notes it’s only “a small list of our main
profiles,” suggesting InfoWars is using other social media accounts
to evade the ban.

How Companies Can Leverage Technology to Deliver Hyper-Personalized Services

… There are two options. One is to completely
take those old core systems and modernize. Some of them are taking
that approach. But the problem with that approach is that it’s not
easy. It takes two, three, four years to completely modernize all of
your systems. And by the time these modernization projects are done,
the industry has moved on. Newer products have come along.

So what do we do? There is an approach that we
call “end transformation.” It is all about starting with your
end stakeholder in mind, looking at what are the specific use cases
that make sense for that customer, and how can we add value to the
customer and start working from there. You do that by building an
intelligent middle layer, which then talks to your core systems and
pulls out the data and services, and provides them using your
engagement layer back to the customer.

A few weeks ago TED-Ed published a lesson titled Why Should You
Read Edgar Allan Poe? It now appears that lesson was
the first in a series of lessons designed to explain and encourage
students to read some classics. Since the Poe lesson was published
TED-Ed has published similar lessons about Don Quixote, Waiting for
Godot, and The Canterbury Tales. All of those video lessons plus the
Poe lesson are embedded below.

Friday, October 19, 2018

West Virginia is about to take a leap of faith in
voting technology — but it could put people's ballots at risk.

Next month, it will become the first state to
deploy a smartphone app in a general election, allowing hundreds of
overseas residents and members of the military stationed abroad to
cast their ballots remotely. And the app will rely on blockchain,
the same buzzy technology that underpins bitcoin, in yet another
Election Day first.

… But cybersecurity and election integrity
advocates say West Virginia is setting an example of all the things
states shouldn’t do when it comes to securing their elections, an
already fraught topic given fears that Russian operatives are trying
again to tamper with U.S. democracy.

… Voting integrity advocates are in overall
agreement about the best way to secure elections, and they have
pressed states to stick with technology that includes auditable paper
trails — even suing Georgia over that issue. They’ve urged the
Department of Homeland Security to advise states against having
modems in voting machines. And they have pressed the government to
warn state election officials against any kind of online voting.

… “Why is blockchain voting a dumb idea?”
University of Pennsylvania cybersecurity expert Matt Blaze tweeted
in August. “Glad you asked. For starters: - It doesn't solve any
problems civil elections actually have. - It's basically incompatible
with ‘software independence’, considered an essential property -
It can make ballot secrecy difficult or impossible.”

New Method, Same Strategy: Russia Has Long Exploited U.S. Racial Divisions

As the country prepares for the first national
election since evidence emerged of the Russian government’s
interference in the presidential race two years ago, it is worth
recalling that the 2016 election was not the first time that Russia
intervened in U.S. politics. Recent Russian operations used American
racism to stoke divisions in our society. More
than half of the Facebook advertisements created by the
Kremlin-backed Internet Research Agency (IRA) to influence Americans
around the 2016 presidential election referenced race. While the use
of social media is new, Russia has a long history of highlighting the
conflict between American ideals of equality and the reality of
racial injustice in this country. This history provides important
context as the U.S. grapples with how to respond to the continued
threat of Russian government interference in our democracy.

Twitter suspended a network of suspected Twitter
bots on Thursday that pushed pro-Saudi Arabia talking points about
the disappearance of journalist Jamal Khashoggi in the past week.

Twitter became aware of some of the bots on
Thursday when NBC News presented the company with a spreadsheet of
hundreds of accounts that tweeted and retweeted the same pro-Saudi
government tweets at the same time.

… Saudi Arabia has widely embraced social
media. A study by Crowd Analyzer, an Arabic-focused social media
analysis firm, found that there were 11 million active Twitter users
in the country.

The bot accounts pushed messages over the weekend
imploring users to express doubt about news stories reporting that
Khashoggi was killed at the Saudi consulate in Turkey on Oct. 2 at
the order of the Saudi government, as Turkish officials have alleged.

… Russell found the accounts by analyzing a
trove of Twitter data and finding accounts that were created on the
same date and had similar numbers of followers, tweets and likes.
From there, he compiled a list of hundreds of accounts that tweeted
identical tweets at the same time.

He called the influence operation a “standard”
bot network, but was surprised at how old some of these accounts are.

“There were some that were from 2011, some from
2014,” he said. “For a bot to sit out there on Twitter for that
long is kind of shocking.”
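The two-step method Russell describes, as an added example on constructed account and post records (this is not code from the article or from NBC News): cluster accounts by creation date and similar follower, tweet and like counts, then look for identical text posted by several accounts within a short window, and flag only accounts that satisfy both tests. Tolerance, window and minimum-size values are assumptions chosen for the sample data.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample data (invented handles, dates and counts; not real accounts).
# Account tuple: handle, creation date, followers, tweets, likes.
ACCOUNTS = [
    ("acct_a01", "2014-03-02", 410, 1200, 95),
    ("acct_a02", "2014-03-02", 395, 1150, 102),
    ("acct_a03", "2014-03-02", 430, 1260, 90),
    ("acct_a04", "2014-03-02", 405, 1180, 99),
    ("fan_01", "2014-03-02", 25000, 3000, 14000),   # same day, very different footprint
    ("old_account", "2011-07-19", 9800, 22000, 3100),
    ("journalist", "2009-11-11", 152000, 41000, 8700),
]
# Post tuple: handle, UTC timestamp, text. The repeated line is a constructed
# stand-in for a talking point pushed verbatim by several accounts.
TALKING_POINT = "Constructed talking point: wait for the official investigation"
POSTS = [
    ("acct_a01", "2018-10-14 09:30:05", TALKING_POINT),
    ("acct_a02", "2018-10-14 09:30:11", TALKING_POINT),
    ("journalist", "2018-10-14 09:30:30", TALKING_POINT),  # organic repost, different profile
    ("acct_a03", "2018-10-14 09:30:40", TALKING_POINT),
    ("acct_a04", "2018-10-14 09:31:02", TALKING_POINT),
    ("old_account", "2018-10-14 09:45:00", TALKING_POINT),  # same text, 15 minutes later
    ("fan_01", "2018-10-14 12:00:00", "Constructed unrelated post"),
]


def _close(value, centre, tolerance):
    """True when value lies within tolerance (a fraction) of centre."""
    return abs(value - centre) <= tolerance * max(centre, 1)


def account_clusters(accounts, tolerance=0.25, min_size=3):
    """Step one: group accounts by creation date, then keep only members whose
    follower, tweet and like counts all sit within `tolerance` of the group's
    medians. Returns {creation_date: [handles]} for groups of at least min_size."""
    by_date = defaultdict(list)
    for handle, created, *stats in accounts:
        by_date[created].append((handle, stats))
    clusters = {}
    for created, members in by_date.items():
        if len(members) < min_size:
            continue
        centres = [median(s[i] for _, s in members) for i in range(3)]
        similar = [h for h, s in members
                   if all(_close(s[i], centres[i], tolerance) for i in range(3))]
        if len(similar) >= min_size:
            clusters[created] = sorted(similar)
    return clusters


def coordinated_posts(posts, window_seconds=60, min_accounts=3):
    """Step two: find distinct accounts that posted identical text within
    `window_seconds` of the first occurrence. Returns a list of handle sets."""
    fmt = "%Y-%m-%d %H:%M:%S"
    parsed = sorted((text, datetime.strptime(ts, fmt), handle)
                    for handle, ts, text in posts)
    groups, current, start = [], None, None
    for text, when, handle in parsed:
        new_burst = (current is None or text != current[0]
                     or (when - start).total_seconds() > window_seconds)
        if new_burst:
            if current and len(current[1]) >= min_accounts:
                groups.append(current[1])
            current, start = (text, {handle}), when
        else:
            current[1].add(handle)
    if current and len(current[1]) >= min_accounts:
        groups.append(current[1])
    return groups


def flag_network(accounts, posts):
    """Accounts that sit in a same-date/similar-footprint cluster AND took part
    in a burst of identical posts. Either signal alone is weak: the journalist
    reposted the same text but has an unrelated profile, and old_account posted
    it outside the window."""
    clustered = {h for members in account_clusters(accounts).values() for h in members}
    bursting = set()
    for group in coordinated_posts(posts):
        bursting |= group
    return sorted(clustered & bursting)


if __name__ == "__main__":
    print(flag_network(ACCOUNTS, POSTS))
```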

… One study, however, found that out of 50 of
the most widely shared political images on WhatsApp in the lead-up to
the election in Brazil, only 8%
were considered fully truthful, and many were false, misleading
or unsubstantiated. There has also been a growing problem of fake
news videos, which don’t face the same scrutiny as articles.

… The new political ad moderation system has
also had major hiccups. Hours after the briefing, USA Today published
a report showing that Facebook had removed ads after incorrectly
labeling them “political”, simply because they used descriptions
like “African-American” and “Mexican” or were written in
Spanish.

Today, FPF announces the release of The
Privacy Expert’s Guide to AI and Machine Learning. This guide
explains the technological basics of AI and ML systems at a level of
understanding useful for non-programmers, and addresses certain
privacy challenges associated with the implementation of new and
existing ML-based products and services.

Thursday, October 18, 2018

Earlier this year, Apple started
allowing its customers in the EU to download copies of the data
the company holds on them to comply with General Data Protection
Regulation rules that came into effect in May. Now, Apple has
updated its privacy website,
and it is letting its customers in the US grab
their data too.

… it could take up to a week for Apple to
prepare your download. The data may include details about your App
Store purchase history, Apple Music activity and AppleCare support
tickets.

The Secretive Organization Quietly Spending Millions on Facebook Political Ads

Over just two weeks in September, a
limited-liability company calling itself News for Democracy spent
almost $400,000 on more than 16 million impressions for a network of
14 Facebook pages that hadn’t existed until August. This
represented the second-largest political ad buy on Facebook for the
period, trailing only Beto O’Rourke’s Texas Senate campaign and
substantially overshadowing the third-place spender, the National
Republican Congressional Committee, according
to an analysis by a team at New York University’s Tandon School
of Engineering, led by Damon McCoy.

… So what is “News for Democracy”?

Buried in unrelated Google results, you’d find an item from The
Daily Beast’s Lachlan Markay, which linked together a series of
Denver LLCs that were sponsoring ads on Facebook: Three of these
entities share a Denver P.O. box with two other LLCs

… Three weeks out from the 2018 midterms, we
still know very little about the financial backing, operation, or
ultimate goals of one of the biggest political-ad purchasers on
Facebook in the run-up to the election. It’s not perfectly clear
what News for Democracy is trying to build. Is it simply pushing
individual-issue ads in key states, or is the organization trying to
amass information on voters, which it can use in subsequent
campaigns?

… With a little gumption and some savvy, News
for Democracy and MotiveAI easily
evaded Facebook’s system for making political ads more transparent.

“In these cases, transparency and
disclosure—especially when voluntarily and provisioned by private
companies—doesn’t do much to solve the underlying issue, which is
accountability, meaning the public’s ability to discern who is
trying to influence the outcome of an election,” Jonathan Albright
of the Tow Center for Digital Journalism at Columbia University told
me.

The world is so dependent on YouTube for videos that people frantically searched for alternatives during its 90-minute outage

… A glitch caused the Web's second-most
visited site, behind Google Search, to go
down for about 90 minutes on Tuesday evening. For Google's
rivals, YouTube's outage was like manna from Heaven.

According to Google Trends, a glut of people began
searching for Vimeo and Dailymotion as soon as YouTube went offline.

… Journalists often make fun of how people
react in panic when a favorite site goes dark, but YouTube has become
a major source of entertainment, news and communication for billions
of people around the world. As of May, the site had a
staggering 1.8 billion logged-in users.

Illinois
officials assured voters Tuesday that their Nov. 6 tallies "will
be securely counted" following
a data breach that's part of the Justice Department's
investigation of Russian meddling in U.S. elections.

Board of Elections Chairman William Cadigan and a group of state and local
officials — including Illinois National Guard leaders — said in
Chicago that beefed-up measures to monitor
and spot cybersecurity risks will ensure a fair and free
election. [Not “prevent
or correct?” Bob]

How an Unlikely Family History Website Transformed Cold Case Investigations

… Law enforcement agencies have their own database for criminal
investigations: Codis,
which contains more than 16 million DNA profiles. But forensic
profiles contain only a tiny fraction of the hundreds of thousands of
genetic markers that genealogy sites rely on. If investigators are
unable to find an exact match there, a site such as GEDmatch is
better for tracking down suspects through their relatives.

Today, people, businesses, government
officials, and law makers are unaware of the business model that
supports their favorite technology such as smartphones and connected
products that are supported by the Android, Apple, and Microsoft
Windows operating systems.

The connected-product business model
comprises surveillance and data mining business practices rooted in
“surveillance capitalism.” These are terms that the public is
unaware of because all parties concerned are not transparent about
their business practices.

Companies that have adopted a
surveillance capitalism business model are in the business to exploit
their paying customers or product users for financial gain at the
expense of the user’s civil liberties, privacy, cybersecurity, and
safety, whether the product user is an adult or a child.

EPIC proudly announces the 2018
edition of the Privacy Law Sourcebook, the definitive
reference guide to US and international privacy law. The Privacy
Law Sourcebook is an edited collection of the primary legal
instruments for privacy protection in the modern age, including
United States law, International law, and recent developments. The
Privacy Law Sourcebook 2018 has been updated and expanded to
include the modernized Council
of Europe Convention on Privacy, the Judicial
Redress Act, the CLOUD
Act, and new materials from the United Nations. The EPIC Privacy
Law Sourcebook also includes the full text of the GDPR. EPIC
will make the Privacy Law Sourcebook freely available to NGOs and
human rights organizations.
EPIC publications and the publications of EPIC Advisory Board members
are available at the EPIC
Bookstore.

Interesting podcast. What ISIS learned from
Taylor Swift. (And you know they talk about Donald Trump)

Taylor Swift and
Islamic State are in a battle for our hearts, minds, and eyeballs.
Russia wants your vote, or for you not to vote at all. And if you
think the amount of false information out there online is dangerous
now, just wait. Artificial intelligence is about to make fake news
virtually indistinguishable from the real thing.

Volkswagen's new $926M fine for Audi brings total dieselgate costs up to $33B

Volkswagen AG's Audi division has agreed to pay
$926 million in the latest series of fines tied to the dieselgate
scandal, which is now responsible for about $33
billion in costs.

As part of the deal with prosecutors in Munich,
Audi had to admit it worked around regulatory requirements. It also
loses profits from its sales from 2004 to 2018 in Europe and
stateside, and from the savings connected to not ensuring its cars
were compliant with requirements.

Netflix hooked 7 million new streaming subscribers
from July to September, a third more than Wall Street had expected,
reassuring investors who had worried the company was facing a
slowdown in its fast-paced growth.

The record number of additions in the third
quarter brought Netflix’s customer base to 137 million worldwide,
confirming its rank as by far the world’s biggest online
subscription video service.

Netflix shares, already up about 78 percent so far
this year, jumped 14 percent to $394.25 in after-hours trading, and
boosted other high-tech stocks.

Tuesday, October 16, 2018

Weibrecht Law in New Hampshire recently submitted
a notification to their state with this explanation of their breach:

On or about Monday September 10th, our
office sent an unencrypted electronic copy (“thumb drive”) of a
client file via US Postal Service. The envelope that the thumb drive
was sent in was received by the recipient, damaged and without the
thumb drive enclosed. We immediately contacted the USPS to
investigate.

Okay, so far that sounds really familiar, right,
although why entities would still send unencrypted thumb drives thru
postal mail in 2018 is a bit disheartening. In any event, their
report continues (with emphasis added by me):

A representative from our office spoke
with a representative in the Claims and Inquiries Department of the
USPS in Manchester, NH and learned that all items recovered from the
mail processing center are sent to her department. She
reported that because this was a common occurrence, she had several
buckets of thumb drives that had similarly been torn free from their
envelope in the mail sorting process.

Buckets of thumb drives? The possibilities are
staggering.

She did a visual review for the USB but
did not find it. She also reported that the USPS has its own
internal privacy policies that would preclude an employee from
actually opening any of the USBs that are recovered.

And we know that employees always rigorously
adhere to policies, right?

Based on this information, we do not have
reason to believe the information has been accessed by individuals
intending to misuse it. In fact, our investigation indicates that
the most likely disposition of the thumb drive was that it was
destroyed in a post office mail processing machine.

Complete the “write your own misadventure”
starter above.

The law firm has taken
steps to provide protective and remediation services and is
changing their procedures for sending files, but how much time,
money, and potential reputation harm could they have avoided by
encrypting files during file transfer?

These lessons are so costly and painful for SMB.
I wish we could help more entities avoid having to learn them.

Madison County in Idaho fell
victim to a ransomware attack last week, after an employee opened
a phishing email asking for money. The IT department spent the week
recovering the computer system from the attack, which took place over
the three-day Columbus Day weekend.

The entire county network was affected, including
payroll systems, sanitation services and the treasurer’s office,
making it difficult for officials to conduct business operations.
Employees couldn’t send emails and had to use backup data to issue
paychecks.

… County Commissioner Brent Mendenhall and
Madison County Clerk Kim Muir said they will not pay the ransom and,
because the IT department had made backups, they were able to
successfully restore the system.

The nation’s second-largest health insurer has
agreed to pay the government a record $16 million to settle potential
privacy violations in the biggest known health care hack in U.S.
history, officials said Monday.

The personal information of nearly 79 million
people — including names, birthdates, Social Security numbers and
medical IDs — was exposed in the cyberattack, discovered by the
company in 2015.

The settlement between Anthem Inc. and the
Department of Health and Human Services represents the largest amount
collected by the agency in a health care data breach, officials said.

“…In fact, electronic surveillance of
employees, through technologies including not just video cameras but
also monitoring software, has grown
rapidly across all industries. Randolph Lewis, a professor of
American Studies at the University of Texas at Austin and the author
of Under Surveillance, Being Watched in Modern America,
pointed to software
that makes it possible for employers to monitor employee facial
expressions and tone of voice to gauge their emotional states, such
as rage or frustration. Among more conventional surveillance
methods, employers can track employees’ website visits, and keep
tabs on their employees’ keystrokes. Employers can also monitor
employees’ personal blogs, and read their social-networking
profiles. In one case in California, a sales executive at a
money-transfer firm sued
her employer, claiming she had been fired for disabling an app that
used employer-issued cell phones to track workers via GPS, even when
they were off the clock. (The suit was later settled out of court.)
The proliferation of
surveillance is due, at least in part, to the rising sophistication
and declining cost of spy technology: Employers monitor workers
because they can. Michel Anteby, a Boston University
sociologist and business scholar who has watched how monitoring
impacts employees at the TSA and other workplaces, has also noticed
that the more employees are surveyed, the harder they try to avoid
being watched, and the harder management tries to watch them. “Most
TSA workers we observed do everything possible to stay under the
radar, to essentially disappear,” he said. “They try to never
speak up, never stick out, do nothing that might get noticed by
management,” he said. “This leads to a vicious cycle, whereby
management grows more suspicious and feels justified in ratcheting up
the surveillance.”

The orders poured in from everywhere — 105,000 a
day at one point — so much so that the company became
an economic force. It could make or break suppliers by promoting
their products. It could dictate terms on manufacturing. Its
headquarters city boomed as this tech-driven retailer built huge
warehouses and factories and attracted other businesses and rivals.
State and local governments complained that the company was harming
small-town retailers.

… Sears became the Amazon of its day because
its co-founder Richard Warren Sears harnessed two great networks to
serve his enterprise — the railroads and the United States Postal
Service. When the Postal Service commenced
rural free delivery in 1896 (the “last mile” in today’s
jargon) every homestead in America became within reach.

And Richard Sears reached them. He used his
genius for advertising and promotion to put a catalog in the hands of
20 million Americans in 1900, when the population was 76 million.
The Wish Book […] could run a staggering 1,500 pages and offer more
than 100,000 items.

This week PBS Education is hosting the first
webinar in a four-part virtual professional development series called
For the Love of Lit. This series features free webinars designed to
help ELA teachers engage their students in learning about literature.

The four webinars in the series are as follows:

Inspiring Young Authors, with NaNoWriMo founder Chris Baty

Including All Readers, with student activist Marley Dias

Encouraging Bright Thinkers

Cultivating Young Book Lovers

You can register for one or all four webinars right
here. PD certificates are available for attending each session.

Anyone pumped for this week’s launch
of Google’s Home Hub might want to temper their excitement. A
smart home is a surveilled home. That’s been the
concern of privacy activists since citizens started lighting up their
abodes with so-called “smart” tech in recent years.

Take Google’s current smart home
division, Nest Labs. It’s been told to hand over data on 300
separate occasions since 2015. That’s according to a
little-documented transparency
report from Nest, launched a year after the $3.2
billion Google acquisition. The report shows around 60 requests
for data were received by Google’s unit in the first half of this
year alone.

SSRN – “We are pleased to announce the
creation of the Criminal Justice Research Network (CJRN),
which focuses on 10 major areas of scholarship. SSRN’s newest
network provides a worldwide online community for criminal justice
scholars and for the sharing of ideas across a broad spectrum of
early-stage research. SSRN has added a new collection of e-journals on
criminal law. Subscriptions
are currently free. [time period not specified]. You can
browse or search the entire CJRN
collection of eJournals.”

A large new study finds people who grew up in book-filled homes have higher reading, math, and technological skills

Home Libraries Confer Long-Term Benefits – “We’ve known for a
while that home libraries are strongly linked
to children’s academic achievement. What’s less certain is
whether the benefits they bestow have a long-term impact. A new
large-scale
study, featuring data from 31 countries, reports they do indeed.
It finds the advantages of growing up in a book-filled home can be
measured well into adulthood. “Adolescent exposure to books is an
integral part of social practices that foster long-term cognitive
competencies,” writes a research team led by Joanna
Sikora of Australian National University. These reading-driven
abilities not only “facilitate educational and occupational
attainment,” the researchers write in the journal Social
Science Research. “[They] also lay a foundation for lifelong
routine activities that enhance literacy and numeracy.” The
researchers analyzed data from the Programme
for the International Assessment of Competencies. Its surveys,
taken between 2011 and 2015, featured adults (ages 25 to 65) in 31
nations, including the United States, Canada, Australia, Germany,
France, Singapore, and Turkey.

All participants were asked how many
books there were in their home when they were 16 years old. (One
meter of shelving, they were told, holds about 40 books.) They chose
from a series of options ranging from “10 or less” to “more
than 500.” Literacy was defined as “the ability to read
effectively to participate in society and achieve personal goals.”
Participants took tests that “captured a range of basic through
advanced comprehension skills, from reading brief texts for a single
piece of information to synthesizing information from complex texts.”
Numeracy tests measured the “ability to use mathematical concepts
in everyday life,” while IT-related tests “assessed the ability
to use digital technology to communicate with others, as well as to
gather, analyze, and synthesize information.” The results suggest
those volumes made a long-term difference. “Growing up with home
libraries boosts adult skills in these areas beyond the benefits
accrued from parental education, or [one’s] own educational or
occupational attainment,” the researchers report. Not
surprisingly, the biggest impact was on reading ability. “The
total effects of home library size on literacy are large everywhere,”
the researchers report…”

A global tipping point: Half the world is now middle class or wealthier

Brookings report – Half the world is now middle class or wealthier:
“…Our “middle
class” classification was first
developed in 2010 and has been used by many researchers. While
acknowledging that the middle class does not have a precise
definition that can be globally applied, the threshold we use in this
work has the following characteristics: those in the middle class
have some discretionary income that can be used to buy consumer
durables like motorcycles, refrigerators, or washing machines. They
can afford to go to movies or indulge in other forms of
entertainment. They may take vacations. And they are reasonably
confident that they and their family can weather an economic
shock—like illness or a spell of unemployment—without falling
back into extreme poverty. By classifying all households in the
world into one of these four groups, using income and expenditure
surveys from 188 countries, we are able to derive measures of the
global distribution of income. Our social enterprise World
Data Lab—the maker of World
Poverty Clock—has refined these estimates and created a new
interactive data model to estimate all income brackets for almost
every country for every point in time until 2030 by combining
demographic and economic data. A lot has been written about the
world’s progress in reducing the number of people living in extreme
poverty, as highlighted in the recent Goalkeepers
report put out by the Bill and Melinda Gates Foundation. We
believe that another story relates to the rapid
emergence of the global middle class. This middle class story is
probably bigger in terms of the number of people affected. In the
world today, about one person escapes extreme poverty every second;
but five people a second are entering the middle class. The rich are
growing too, but at a far smaller rate (1 person every 2 seconds)…”

“Dozens of new initiatives have
launched to confront fake news and the erosion of faith in the media,
Axios’ Sara Fischer reports:

The
Trust Project, which is made up of dozens of global
news companies, announced this morning that the number of journalism
organizations using the global network’s “Trust Indicators”
now totals 120, making it one of the larger global initiatives to
combat fake news. Some of these groups (like NewsGuard) work with
Trust Project and are a part of it.

… Initially, the social media giant estimated
that 50 million accounts were affected by the hack but said it was
not clear whether any information had been stolen.

Facebook has revised
the total number of affected users down to around 30 million. But it
has also confirmed that hackers accessed personal details in most of
those cases — including, for about half of those users, recent
searches and locations.

… Fifteen million of those users had their
names and contact details — which could be email addresses or phone
numbers — accessed.

In a more serious breach, 14 million people had a
wider array of data accessed, including their gender, religion,
relationship status, birthday, current city and hometown, device
types, education and work history. Hackers also had access to those
users' last 15 searches, and the last 10 locations they either
checked into or were tagged in by someone else.

The 400,000 people whose accounts were first
hacked were most seriously compromised, with hackers viewing their
posts, their friend lists, their group memberships and the names of
recent message conversations (though not, in most cases, the contents
of those messages).

… Last month, Forbes
reported the first known instance of a search warrant being used
to unlock a suspect’s iPhone X with their own face, leveraging the
iPhone X’s Face ID feature.

But Face ID can of course also work against law
enforcement—too many failed attempts with the ‘wrong’ face can
force the iPhone to request a potentially harder to obtain passcode
instead. Taking advantage of legal differences in how passcodes are
protected, US law enforcement have forced people to unlock their
devices with not just their face but their fingerprints too. But
still, in a set of presentation slides obtained by Motherboard this
week, one company specialising in mobile forensics is telling
investigators not to even look at phones with Face ID, because they
might accidentally trigger this mechanism.

Perspective. One company’s “Wow!” is
another’s “Oh? I hadn’t noticed.”


About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.